Rapid7,
the leading provider of security risk intelligence solutions, today
announced that the new version of its vulnerability
management solution, Rapid7®
Nexpose, introduces features for discovering and scanning IPv6
assets that organizations may not even know they have. The new version
also further reduces the signal-to-noise ratio of assessing security
risk by filtering out unnecessary background noise that makes it hard
for security professionals to identify and focus on the highest priority
security issues. These features simplify vulnerability management for
busy security professionals who must address hugely complex security
challenges on a daily basis.

“Security professionals are overwhelmed by information. It’s
increasingly complex for them to even identify what assets the
organization has, let alone associated threats and the steps needed to
improve their security posture,” said Richard Perkett, vice president of
Engineering at Rapid7. “Rapid7 simplifies this process by pioneering
dynamic discovery of assets that are otherwise hard to track, such as
IPv6 and virtual assets. Combined with Nexpose’s remediation
prioritization and vulnerability filtering, the result is efficiency in
identifying the threats and actions that will make a real difference to
the organization’s security posture, thereby increasing the credibility
of security teams across the organization.”

Discovery and Scanning for IPv6

Approximately 95% of IPv4 address space has already been allocated1
and with devices increasingly requiring one or many IPs, the transition
to the next generation, IPv6, is not far off. In fact, while most
organizations believe they are not yet deploying IPv6, many devices are
enabled for it by default. This represents a significant risk due to a
number of factors, starting with a lack of IPv6 readiness in security
products. Meanwhile, attackers are starting to recognize the
opportunities in IPv6 as an attack vector and can tunnel in through IPv4
devices to then exploit the IPv6 vulnerabilities currently not being
identified and addressed.

This threat is amplified by the difficulty that security professionals
encounter in finding IPv6 assets in existing IPv4 production
environments. The new edition of Nexpose addresses this by dynamically
discovering IPv6 and IPv4 assets and scanning both for vulnerabilities.
With Nexpose you can:

Perform an IPv6 discovery over an IPv4 network, thereby enabling
organizations to disable IPv6 devices in IPv4 networks as they could
present a potential security risk

Create a dynamic asset group and find assets with known IPv4 addresses
that also have previously undiscovered IPv6 addresses, creating
significant efficiencies by automating traditionally manual processes

Run a report to show IPv6 enabled devices

Conduct a scan to discover vulnerabilities in these IPv6 devices

Export data to Metasploit and then run a risk assessment to validate
risk based on exploits

“Nexpose can easily discover and scan IPv6 assets even if users don’t
think IPv6 is relevant to them yet. The solution works directly from the
user’s IPv4 environment to help them assess whether they have any IPv6
devices, for example, routers that are enabled by default, and if they
have any relevant vulnerabilities,” explained Perkett.

Vulnerability Filtering to Reduce Signal-to-Noise Ratio

One of the hardest challenges security professionals face is discerning
which “signals” they really need to listen to amongst all the “noise”
they hear. In the case of vulnerability scanning, it is common for
security professionals to receive reports of tens, if not hundreds, of
thousands of vulnerabilities. Identifying which of these are the most
critical and should be addressed first is a complex challenge. Nexpose
already simplifies this by providing contextual risk information based
on exploit exposure, malware exposure, malware kits and the age of
vulnerabilities identified, all of which impact the risk factor. Rather
than providing generic advice on what vulnerabilities should be patched,
it specifically prescribes steps on what needs to be remediated or
mitigated based on the specific environment.

With the new version of Nexpose, Rapid7 provides the industry’s most
comprehensive capabilities for reducing the signal-to-noise ratio for
vulnerability management. Users can now also filter asset and
vulnerability information into groups that make sense to the
organization and its structure. This enables users to produce reports
with a sharper focus on specific security issues, giving remediation
teams the exact information they need to do their jobs and eliminate the
“noise” of extraneous vulnerability data. For example, users can
generate reports that only include Adobe vulnerabilities. Likewise,
users can exclude certain categories, such as for a particular platform
or service for which they have a patch program in place. Being able to
tailor the information for their audience in this way increases the
credibility and relevance of security teams, promoting greater
collaboration with IT operations.

“Organizations are drinking from the firehose at the moment, and many
may feel like they’re drowning. The huge reports they have to wrestle
with are a roadblock to productivity, and handing them off to IT
operations for remediation hardly promotes a healthy collaborative
relationship,” said Perkett. “With Nexpose, users can quickly determine
which vulnerabilities are more relevant than others, filtering out a lot
of the noise. The reports they give IT operations can be tailored to
reflect the organization’s internal structure, so they are relevant and
straight-to-the-point, increasing efficiency all round.”

Rapid7 is the leading provider of security risk intelligence. Its
integrated vulnerability
management and penetration
testing products, Nexpose and Metasploit, empower organizations to
obtain accurate, actionable and contextual intelligence into their
threat and risk posture. Rapid7's solutions are used by more than 2,000
enterprises and government agencies in more than 65 countries, while the
Company's free products are downloaded more than one million times per
year and enhanced by the more than 175,000 members of its open source
security community. Rapid7 has been recognized as one of the fastest
growing security companies by Inc. Magazine and as a "Top Place to Work"
by the Boston Globe. Its products are top rated by Gartner®,
Forrester® and SC Magazine. The Company is backed by Bain
Capital Ventures and Technology Crossover Ventures. For more information
about Rapid7, please visit http://www.rapid7.com.

About Rapid7 Nexpose

Nexpose proactively supports the entire vulnerability management
lifecycle, including discovery, detection, verification, risk
classification, impact analysis, reporting and mitigation. This gives
organizations immediate insight into the security posture of their IT
environment by conducting over 92,000 vulnerability checks for more than
31,800 vulnerabilities. The solution leverages one of the largest
vulnerabilities databases to identify vulnerabilities across networks,
operating systems, databases, Web applications and virtual assets. Risk
is classified based on real exploit intelligence combined with industry
standard metrics such as CVSS, as well as temporal and weighted risk
scoring. Nexpose provides a detailed, sequenced remediation roadmap with
time estimates for each task. Nexpose is used to help organizations
improve their overall risk posture and security readiness as well as to
comply with mandatory regulations, including security requirements for
PCI, HIPAA, ARRA HITECH ACT, FISMA (including SCAP, USGCB, FDCC and
CyberScope Compliance), Sarbanes-Oxley (SOX) and NERC CIP. Nexpose is a
Common Criteria EAL3+ product and received the SC Magazine Vulnerability
Assessment Tool of the Year Award in 2012.

1 Approximately 95% of IPv4 address space was already
allocated as of Sept. 3, 2010, according to the American Registry for
Internet Numbers, which delegates blocks of IPv4 and IPv6 addresses to
carriers and enterprises in North America.

20th Cloud Expo, taking place June 6-8, 2017, at the Javits Center in New York City, NY, will feature technical sessions from a rock star conference faculty and the leading industry players in the world.
Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy.

In his keynote at 18th Cloud Expo, Andrew Keys, Co-Founder of ConsenSys Enterprise, provided an overview of the evolution of the Internet and the Database and the future of their combination – the Blockchain.
Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life sett...

DevOps is being widely accepted (if not fully adopted) as essential in enterprise IT. But as Enterprise DevOps gains maturity, expands scope, and increases velocity, the need for data-driven decisions across teams becomes more acute. DevOps teams in any modern business must wrangle the ‘digital exhaust’ from the delivery toolchain, "pervasive" and "cognitive" computing, APIs and services, mobile devices and applications, the Internet of Things, and now even blockchain.
In this power panel at @...

The Internet of Things will challenge the status quo of how IT and development organizations operate. Or will it? Certainly the fog layer of IoT requires special insights about data ontology, security and transactional integrity. But the developmental challenges are the same: People, Process and Platform and how we integrate our thinking to solve complicated problems. In his session at 19th Cloud Expo, Craig Sproule, CEO of Metavine, demonstrated how to move beyond today's coding paradigm and sh...

With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo 2016 in New York. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be! Internet of @ThingsExpo, taking place June 6-8, 2017, at the Javits Center in New York City, New York, is co-located with 20th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry p...

20th Cloud Expo, taking place June 6-8, 2017, at the Javits Center in New York City, NY, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy.

More and more brands have jumped on the IoT bandwagon. We have an excess of wearables – activity trackers, smartwatches, smart glasses and sneakers, and more that track seemingly endless datapoints. However, most consumers have no idea what “IoT” means. Creating more wearables that track data shouldn't be the aim of brands; delivering meaningful, tangible relevance to their users should be.
We're in a period in which the IoT pendulum is still swinging. Initially, it swung toward "smart for smar...

"We build IoT infrastructure products - when you have to integrate different devices, different systems and cloud you have to build an application to do that but we eliminate the need to build an application. Our products can integrate any device, any system, any cloud regardless of protocol," explained Peter Jung, Chief Product Officer at Pulzze Systems, in this SYS-CON.tv interview at @ThingsExpo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.

The cloud promises new levels of agility and cost-savings for Big Data, data warehousing and analytics. But it’s challenging to understand all the options – from IaaS and PaaS to newer services like HaaS (Hadoop as a Service) and BDaaS (Big Data as a Service). In her session at @BigDataExpo at @ThingsExpo, Hannah Smalltree, a director at Cazena, provided an educational overview of emerging “as-a-service” options for Big Data in the cloud. This is critical background for IT and data professionals...

Internet of @ThingsExpo has announced today that Chris Matthieu has been named tech chair of Internet of @ThingsExpo 2017 New York
The 7th Internet of @ThingsExpo will take place on June 6-8, 2017, at the Javits Center in New York City, New York.
Chris Matthieu is the co-founder and CTO of Octoblu, a revolutionary real-time IoT platform recently acquired by Citrix. Octoblu connects things, systems, people and clouds to a global mesh network allowing users to automate and control design flo...

The WebRTC Summit New York, to be held June 6-8, 2017, at the Javits Center in New York City, NY, announces that its Call for Papers is now open. Topics include all aspects of improving IT delivery by eliminating waste through automated business models leveraging cloud technologies. WebRTC Summit is co-located with 20th International Cloud Expo and @ThingsExpo. WebRTC is the future of browser-to-browser communications, and continues to make inroads into the traditional, difficult, plug-in web co...

Amazon has gradually rolled out parts of its IoT offerings, but these are just the tip of the iceberg. In addition to optimizing their backend AWS offerings, Amazon is laying the ground work to be a major force in IoT - especially in the connected home and office.
In his session at @ThingsExpo, Chris Kocher, founder and managing director of Grey Heron, explained how Amazon is extending its reach to become a major force in IoT by building on its dominant cloud IoT platform, its Dash Button strat...

Complete Internet of Things (IoT) embedded device security is not just about the device but involves the entire product’s identity, data and control integrity, and services traversing the cloud. A device can no longer be looked at as an island; it is a part of a system. In fact, given the cross-domain interactions enabled by IoT it could be a part of many systems. Also, depending on where the device is deployed, for example, in the office building versus a factory floor or oil field, security ha...

In addition to all the benefits, IoT is also bringing new kind of customer experience challenges - cars that unlock themselves, thermostats turning houses into saunas and baby video monitors broadcasting over the internet. This list can only increase because while IoT services should be intuitive and simple to use, the delivery ecosystem is a myriad of potential problems as IoT explodes complexity. So finding a performance issue is like finding the proverbial needle in the haystack.

The idea of comparing data in motion (at the sensor level) to data at rest (in a Big Data server warehouse) with predictive analytics in the cloud is very appealing to the industrial IoT sector. The problem Big Data vendors have, however, is access to that data in motion at the sensor location.
In his session at @ThingsExpo, Scott Allen, CMO of FreeWave, discussed how as IoT is increasingly adopted by industrial markets, there is going to be an increased demand for sensor data from the outermos...

Data is the fuel that drives the machine learning algorithmic engines and ultimately provides the business value.
In his session at 20th Cloud Expo, Ed Featherston, director/senior enterprise architect at Collaborative Consulting, will discuss the key considerations around quality, volume, timeliness, and pedigree that must be dealt with in order to properly fuel that engine.

In his general session at 19th Cloud Expo, Manish Dixit, VP of Product and Engineering at Dice, discussed how Dice leverages data insights and tools to help both tech professionals and recruiters better understand how skills relate to each other and which skills are in high demand using interactive visualizations and salary indicator tools to maximize earning potential.
Manish Dixit is VP of Product and Engineering at Dice. As the leader of the Product, Engineering and Data Sciences team at D...

SYS-CON Events has announced today that Roger Strukhoff has been named conference chair of Cloud Expo and @ThingsExpo 2017 New York.
The 20th Cloud Expo and 7th @ThingsExpo will take place on June 6-8, 2017, at the Javits Center in New York City, NY.
"The Internet of Things brings trillions of dollars of opportunity to developers and enterprise IT, no matter how you measure it," stated Roger Strukhoff. "More importantly, it leverages the power of devices and the Internet to enable us all to im...

Whether your IoT service is connecting cars, homes, appliances, wearable, cameras or other devices, one question hangs in the balance – how do you actually make money from this service? The ability to turn your IoT service into profit requires the ability to create a monetization strategy that is flexible, scalable and working for you in real-time. It must be a transparent, smoothly implemented strategy that all stakeholders – from customers to the board – will be able to understand and comprehe...

"Once customers get a year into their IoT deployments, they start to realize that they may have been shortsighted in the ways they built out their deployment and the key thing I see a lot of people looking at is - how can I take equipment data, pull it back in an IoT solution and show it in a dashboard," stated Dave McCarthy, Director of Products at Bsquare Corporation, in this SYS-CON.tv interview at @ThingsExpo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.

In his keynote at 18th Cloud Expo, Andrew Keys, Co-Founder of ConsenSys Enterprise, provided an overview of the evolution of the Internet and the Database and the future of their combination – the Blockchain.
Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life settlement products to hedge funds and investment banks. After, he co-founded a revenue cycle management...

Okay, let me get this out there: I find the term “Citizen Data Scientist” confusing. Gartner defines a “citizen data scientist as “a person who creates or generates models that leverage predictive or prescriptive analytics but whose primary job function is outside of the field of statistics and analytics.” While we teach business users to “think like a data scientist” in their ability to identify those variables and metrics that might be better predictors of performance, I do not expect that the business stakeholders are going to be able to create and generate analytic models. I do not believe...

We have been seeing a sudden rise in the deployment of Artificial Intelligence (AI), Machine Learning (ML), and Deep Learning (DL). It looks like the long “AI winter” is finally over. It is interesting to note that AI was mentioned by Alan Turing in a paper he wrote back in 1950 to suggest that there is possibility to build machines with true intelligence. Then in 1956, John McCarthy organized a conference at Dartmounth and coined the phrase Artificial Intelligence. Much of the next three decades did not see much activity and hence the phrase “AI Winter” was coined. Around 1997, IBM’s Deep Blu...

Nerdio is an IT-as-a-service platform with virtual desktop infrastructure (VDI) technology at its core. It is designed for IT departments that need a way to easily manage their ever-increasing workloads. Nerdio allows users to efficiently manage their complete IT environments by giving them full visibility and control of users’ desktops. In addition to virtual desktops, the platform includes unlimited virtual servers, Microsoft Office 365 security, and disaster recovery and 24/7/365 support.

Reality itself is going through a digital transformation thanks to leaps in 3D rendering and the crunch-speed motion feedback data. Although the modern definition of virtual reality (VR) has been making promises for three decades, the emphasis was always on the potential. Now it’s here. This is a tour of the state of VR in 2016 and where developers are taking it as VR spreads far beyond the world of gaming.

Cyberattacks are relentless. The pace of attacks shows no sign of slowing, and organizations understand that 100 percent prevention of attacks is not possible. Traditional prevention and detection techniques are falling short, and security professionals are scrambling for new paradigms that can more effectively detect attacks and mitigate the growing levels of damage. In this climate of confusion, deception-based solutions offer a viable and proven way to stop attackers in their tracks. Why? Because instead of sitting back and waiting to be the victim, detection technologies let organizations ...

My daughter called with a frantic message. She was driving my car (why she was driving my car when she has her own is the subject for another time) and a warning message appeared on the car console: “Engine overheated! Stop engine and allow to cool down” (see Figure 1).
Fortunately, my daughter was nearly home, so she got the car home, shut it down and called me immediately (I was on the road somewhere…Washington DC, Philadelphia, Knoxville, Chicago, Toronto…I don’t even remember where anymore). I called my trusty mechanic (Chuck) and he was able to work my car into the schedule when I got ba...

With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo 2016 in New York. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be! Internet of @ThingsExpo, taking place June 6-8, 2017, at the Javits Center in New York City, New York, is co-located with 20th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The Internet of Things (IoT) is the most profound change in personal and enterp...

Almost a year ago, I wrote these words, "Technology has reached the tipping point for me, it moved from a help to a hindrance." The plethora of adrenaline- and endorphin-inducing mobile apps, 24x7 news, notifications, alerts and updates, drip fed my brain and hindered my "deep work and deep thoughts." In Cal Newport's new book titled, Deep Work he posits that most knowledge workers need concentration and substantial time, dedicated and uninterrupted, to produce their best work. He argues that a lot of technologies and open office layouts today inhibit creativity, "deep work" and "deep thoughts...

When was the last time you’ve ever heard anyone say “IT Applications & Operations”? Frankly, in my 30+ year career in IT, I don’t believe I’ve ever heard anyone use this term. The typical term we hear is IT Infrastructure & Operations. These two go together like Peanut Butter and Jelly, which tells us a lot about how we view the field of IT. For those that may not be familiar with the role of IT Operations, Joe Hertvik does a great job here of describing IT Operations Management as someone engaged in the role of providing this service to the business. As you can see it’s very interesting how ...

This is a guest post from Cloudinary, a cloud-based image and video management solution. We are always looking for ways to help companies deliver digital experiences that will meet customers expectations in terms of content and performance. Tackling these 5 challenges is a good step towards delivering a top-notch digital experience.
We are in the midst of a great evolution when it comes to website design. Formerly text-heavy sites now rely on eye-catching images and video to draw in visitors, improve engagement rates and drive readership. These results are proven. Articles with relevant ima...

The holiday season is nearly upon us (I’ve already heard Christmas songs being played…really?) and retailers are usually the big winners during the holiday season. However, leading retailers are already thinking beyond the current holiday season, and not just from marketing and merchandising perspectives. These leading retailers are considering how this holiday season – and the resulting wealth of customer, product and operational data – can be converted into new analytic insights that can be used to optimize key business processes, uncover new monetization opportunities and create a more comp...

I was on a high-rise construction site 34-floors above the city. I was talking to the construction crew when a fight broke out. There was an explosion and the floor collapsed. I removed the virtual reality (VR) goggles and laughed. It was so real. The VR solutions provided an incredible experience, almost like being there. As good as my experience was, it was not reality. It was a controlled pre-programmed experience - a notional idea. Today, however, VR and sensor technologies enable a notional idea to become reality – a Real-Reality.

The cloud promises new levels of agility and cost-savings for Big Data, data warehousing and analytics. But it’s challenging to understand all the options – from IaaS and PaaS to newer services like HaaS (Hadoop as a Service) and BDaaS (Big Data as a Service). In her session at @BigDataExpo at @ThingsExpo, Hannah Smalltree, a director at Cazena, provided an educational overview of emerging “as-a-service” options for Big Data in the cloud. This is critical background for IT and data professionals, as experts estimate that “as-a-service” cloud sourcing will increase from today’s 15% to 35% by 20...

Internet of @ThingsExpo has announced today that Chris Matthieu has been named tech chair of Internet of @ThingsExpo 2017 New York
The 7th Internet of @ThingsExpo will take place on June 6-8, 2017, at the Javits Center in New York City, New York.
Chris Matthieu is the co-founder and CTO of Octoblu, a revolutionary real-time IoT platform recently acquired by Citrix. Octoblu connects things, systems, people and clouds to a global mesh network allowing users to automate and control design flows, processes and sensor data, and analyze/react to real-time events and messages as well as big dat...

Cloud computing budgets worldwide are reaching into the hundreds of billions of dollars, and no organization can survive long without some sort of cloud migration strategy. Each month brings new announcements, use cases, and success stories.